Git-Mirrors/DivestOS
1
0
Fork 0
mirror of https://github.com/Divested-Mobile/DivestOS-Build.git synced 2024-07-08 20:31:57 +00:00
Code Issues Packages Projects Releases Wiki Activity
86c2d7a648
DivestOS/Patches/Linux_CVEs/CVE-2016-5342/0.patch

33 lines
1.2 KiB
Diff
Raw Blame History

From 579e796cb089324c55e0e689a180575ba81b23d9 Mon Sep 17 00:00:00 2001
From: Anand Kumar <anandkumar@codeaurora.org>
Date: Tue, 21 Jun 2016 17:36:05 +0530
Subject: wcnss: Avoid user buffer overloading for write cal data
compare size of allocated cal data buffer from heap
and count bytes provided to write by user to avoid
heap overflow for write cal data.
Change-Id: Id70c3230f761385489e5e94c613f4519239dfb1f
CRs-Fixed: 1032174
Signed-off-by: Anand Kumar <anandkumar@codeaurora.org>
---
drivers/net/wireless/wcnss/wcnss_wlan.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/net/wireless/wcnss/wcnss_wlan.c b/drivers/net/wireless/wcnss/wcnss_wlan.c
index 86f3a48..3f9eeab 100644
--- a/drivers/net/wireless/wcnss/wcnss_wlan.c
+++ b/drivers/net/wireless/wcnss/wcnss_wlan.c
@@ -3339,7 +3339,7 @@ static ssize_t wcnss_wlan_write(struct file *fp, const char __user
return -EFAULT;
if ((UINT32_MAX - count < penv->user_cal_rcvd) ||
- MAX_CALIBRATED_DATA_SIZE < count + penv->user_cal_rcvd) {
+ (penv->user_cal_exp_size < count + penv->user_cal_rcvd)) {
pr_err(DEVICE " invalid size to write %zu\n", count +
penv->user_cal_rcvd);
rc = -ENOMEM;
--
cgit v1.1
Reference in New Issue View Git Blame Copy Permalink